Sign in with
Sign up | Sign in
Your question

Restricting changes on windows register keys

Tags:
  • Windows XP
Last response: in Windows XP
Share
March 3, 2005 2:57:49 PM

Archived from groups: microsoft.public.windowsxp.general,microsoft.public.windowsxp.security_admin (More info?)

Just allow some users to change values on register windows keys.

My insufficients steps:
1. Enable local and domain policy "Prevent access to registry editing tools"
2. Restrict regedit.exe and regedt32.exe use on ""Don't run specified
Windows applications" and "Restrict these
programs from being launched from Help" policies and enable "Prevent access
to the command prompt"
3. Restrict Permissions (right click on register key selected) for some
users.

But some users continues changing values on keys "restricted" (step 3)

How can I restrict completely permissions (security) to do changes on
register windows keys?

We're using WXP SP2 and W2K Server Standard SP4

THANKS

More about : restricting windows register keys

Anonymous
March 3, 2005 2:57:50 PM

Archived from groups: microsoft.public.windowsxp.general,microsoft.public.windowsxp.security_admin (More info?)

On Thu, 3 Mar 2005 11:57:49 -0600, "Solomon" <inteca@NOracsa.co.cr>
wrote:

>Just allow some users to change values on register windows keys.
>
>My insufficients steps:
>1. Enable local and domain policy "Prevent access to registry editing tools"
>2. Restrict regedit.exe and regedt32.exe use on ""Don't run specified
>Windows applications" and "Restrict these
>programs from being launched from Help" policies and enable "Prevent access
>to the command prompt"
>3. Restrict Permissions (right click on register key selected) for some
>users.
>
>But some users continues changing values on keys "restricted" (step 3)
>
>How can I restrict completely permissions (security) to do changes on
>register windows keys?
>
>We're using WXP SP2 and W2K Server Standard SP4
>
>THANKS
>
Do your users have ADMIN privileges ?

Dave
March 3, 2005 4:51:59 PM

Archived from groups: microsoft.public.windowsxp.general,microsoft.public.windowsxp.security_admin (More info?)

Of course not.
All are domain users (not local: Administrators & Power Users by example)
and they are member of Domain Users plus other groups (with scope Global and
type security) dependent of theirs departments (not Administrators, Domain
Admins, ... Admins)

THKS!
---
"da_test" <davexnet02NO@SPAMyahoo.com> wrote in message
news:ncme21hbjbeq3pdr1kr5nhvmaqs5u3kbfb@4ax.com...
> On Thu, 3 Mar 2005 11:57:49 -0600, "Solomon" <inteca@NOracsa.co.cr>
> wrote:
>
>>Just allow some users to change values on register windows keys.
>>
>>My insufficients steps:
>>1. Enable local and domain policy "Prevent access to registry editing
>>tools"
>>2. Restrict regedit.exe and regedt32.exe use on ""Don't run specified
>>Windows applications" and "Restrict these
>>programs from being launched from Help" policies and enable "Prevent
>>access
>>to the command prompt"
>>3. Restrict Permissions (right click on register key selected) for some
>>users.
>>
>>But some users continues changing values on keys "restricted" (step 3)
>>
>>How can I restrict completely permissions (security) to do changes on
>>register windows keys?
>>
>>We're using WXP SP2 and W2K Server Standard SP4
>>
>>THANKS
>>
> Do your users have ADMIN privileges ?
>
> Dave
Related resources
Anonymous
March 3, 2005 8:02:09 PM

Archived from groups: microsoft.public.windowsxp.general,microsoft.public.windowsxp.security_admin (More info?)

On Thu, 3 Mar 2005 13:51:59 -0600, "Solomon" <inteca@NOracsa.co.cr>
wrote:

>Of course not.
>All are domain users (not local: Administrators & Power Users by example)
>and they are member of Domain Users plus other groups (with scope Global and
>type security) dependent of theirs departments (not Administrators, Domain
>Admins, ... Admins)
>
>THKS!
You are trying to restrict users access to the registry, but some how
they are accessing it? Have you a theory as to how they are
accomplshing it?

Are they logging on as local administrators is SAFEMODE
for example?
DAve
March 4, 2005 2:27:23 PM

Archived from groups: microsoft.public.windowsxp.general,microsoft.public.windowsxp.security_admin (More info?)

I think they are accessing registry through DOS mode or remotely.
We don't use local users, just domain users. All default local users are
disabled.

---
"da_test" <davexnet02NO@SPAMyahoo.com> wrote in message
news:7pcf21dho1qgf8q70r5g7nio5btosbn8v3@4ax.com...
> You are trying to restrict users access to the registry, but some how
> they are accessing it? Have you a theory as to how they are
> accomplshing it?
>
> Are they logging on as local administrators is SAFEMODE
> for example?
> DAve
Anonymous
March 5, 2005 3:10:14 PM

Archived from groups: microsoft.public.windowsxp.general,microsoft.public.windowsxp.security_admin (More info?)

>"da_test" <davexnet02NO@SPAMyahoo.com> wrote in message
>news:7pcf21dho1qgf8q70r5g7nio5btosbn8v3@4ax.com...
>> You are trying to restrict users access to the registry, but some how
>> they are accessing it? Have you a theory as to how they are
>> accomplshing it?
>>
>> Are they logging on as local administrators is SAFEMODE
>> for example?
>> DAve
>
>On Fri, 4 Mar 2005 11:27:23 -0600, "Solomon" <inteca@NOracsa.co.cr> wrote:

>I think they are accessing registry through DOS mode or remotely.
>We don't use local users, just domain users. All default local users are
>disabled.
>
What about the administrator account in safemode?
That's impossible to disable isn't it?

Dave
!